Haupt-Navigation

Page Content

Advisories

Sometimes the AGRS analyzes existing systems
for security problems. And sometimes, we just accidently run into
security related bugs. In most cases, the problem is solved in close
contact with the vendor and the vendor informs its customer about the
details.

When there are a lot of affected users or if we do not get any
support by the vendor at all, we publish our findings here.

The advisories represent the state at the time of publishing. In
the meantime, the problem may be solved or may be reintroduced by a
software update.

Vendor
Contact for Vulnerability Finder

Most
finder of security related bugs, just want that the bug gets fixed and
that all affected user get informed. However, many finders do not want
to spend much time to identify the right contact persons just to spend
even more time to convince them that the risk is real. Some are even
afraid about potential legal actions.

In both cases, we can
help with negotiating with the vendor, registering a CVE number [1],
and if necessary publishing an Advisories. We can act either as an
anonymizing proxy or in the name of the finder.